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REMARKS/ARGUMENTS 

Discussion of the Prior Office Action in the Present Reissue Application 

This paper is a second preliminary amendment to the Reissue Application filed under 37 
C.F.R. 1.171 on October 2, 2003 and is responsive to the Office Action dated August 20, 2004. 

In the Office Action, the Examiner indicated the first preliminary amendment filed on 
October 2, 2003 was not in proper form because il did not comply with 37 C.F.Pv. 121(h), 
1.173(b)(2) and 1.173(d). It is respecfully submitted that this second preliminary amendment 
complies with the statutory requirements. 

The Examiner also indicated the "Reissue Application Declaration by the Inventor" filed 
February 9, 2004 was not in proper form because it did not provide for the explanation for first 
preliminary amendment changes, as required by 37 C.F.R. 1.173(c). The Examiner also 
indicated the the same "Reissue Application Declaration by the Inventor" conflicted with the 
"Statement of Status and Support for All Changed to the Claims Under 37 C.F.R. 1.173(c)" filed 
October 2, 2003, particularly with respect to the status of reissue application claim 5. Submitted 
herewith is a "Reissue Application Declaration by the Inventor" form that provides an 
explanation for the second preliminary amendment changes. The form also unambiguously 
identifies claims as either original application claims, original patent claims, or reissue claims. 

The Examiner also objected to the "Consent to Reissue" form. It is repectfully submitted 
that the "Consent to Reissue" form submitted herewith satisfies the statutory requirements. 



37 of 48 



Docket No.: CISCO-8363 
(REISSUE OF CISCO-0737) 
032590-000223 



Discussion of the Prior Office Action in Original Case 

In the office action in the original patent application (Serial No. 09/225,247) dated 

January 30, 2001, original application claims 5 and 21 were rejected as being anticipated under 

35 U.S.C. 102(a) over the admitted prior art (APA). According to the Examiner: 

"Claims 5 and 21 are rejected under 35 U.S.C. 102(a) as being clearly anticipated by the 
first six figures of this application, as indicted above. 

"When "CORP A" is the Internet Service Provider, claims 5 and 21 are clearly 
anticipated. Specifically, in figure 5 there is a central database (the database directly 
connected to GRS), maintaining at least one AAA at the PoP, and configuring a database 
associated with the AAA service (the database directly connected to the AAA). Since 
CORP (A) and CORP (B) are viewed as part of the Internet Service Provider, there was a 
plurality of AAAs. 

"The above cited rejection is in the spirit of compact prosecution. Depending on which, 
if any, of the figures used in the above rejection, the rejection may or may not be moot." 

In the same office action, original application claims 5 and 21 were rejected under 35 

U.S.C. Sec. 102(e) as being anticipated by Zhang et al. (USP 6,1 19,160). According to the 

Examiner: 

"Claims 5 and 21 are rejected under 35 U.S.C. 102(e) as being clearly 
anticipated by Zhang et al. (6,1 19,160) (eg., see figures 1,3,4, Abstract. 
Col. 3 (line 31-et seq.), specifically figure 4 where each of the access 
points (152) are housed in one Internet Service Provider as covered in 
col. 9 (line 60-et seq.)). Each AAA was anticipated to have it's own 
database as indicated in col. 3 (line 45-et seq.) with at least one central 
database in the system." 

The Examiner indicated that original application claims 1-4, 6-20 and 22-32 were 
allowable. Original application claims 6 and 22 were amended to incorporate the limitations of 
original application claims 5 and 21 and original application claims 5 and 21 were cancelled 
without prejudice resulting in the claims of the patent now under Reissue. No substantive 
arguments were made concerning the claims. 
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Discussion of the Proposed New Reissue Claims with respect to the Recapture Rule 

MPEP Section 1412.02 codifies the "Recapture Rule" which generally bars an applicant 

for a reissue patent from "recapturing" claimed subject matter which was surrendered in an 

application to obtain the original patent. The recent case of Ex parte Eggeit 67 USPQ 2d 1716 

(BPAI, 2003) applied the following rule: 

In both Mentor [Mentor Corp. v. Colorplast Inc., 998 F.2d 992, 27 USPQ2d 1521 (Fed. 
Cir. 1993] and Bali [Ball Corp. v. United States, 729 F.2d 1429, 221 USPQ 289 (Fed. Cir. 
1984)], the relevance of the prior art rejection to the aspects narrowed in the reissue claim was an 
important factor in our analysis. From the results and reasoning of those cases, the following 
principles flow: (1) if the reissue claim is as broad as or broader than the canceled or amended 
claim (the surrendered subject matter) in all aspects, the recapture rule bars the claim; (2) if it is 
narrower (than the surrendered subject matter) in all aspects, the recapture rule does not apply, 
but other rejections are possible; (3) if the reissue claim is broader (than the surrendered subject 
matter) in some respects, but narrower (than the surrendered subject matter) in others, then: (a) 
if the reissue claim is as broad as or broader in an aspect germane to a prior art rejection, but 
narrower in another aspect completely unrelated to the rejection, the recapture rule bars the 
claim; (b) if the reissue claim is narrower in an aspect germane to (a) prior art rejection, and 
broader in an aspect unrelated to the rejection, the recapture rule does not bar the claim, but other 
rejections are possible. 



In the present case, the surrendered subject matter consisted of original application claims 
5 and 21, nothing more. These claims originally read as follows: 
Original Application Claim 5: 

A method of managing network access to a data communications network, said method 

comprising: 
maintaining a central database; 

maintaining at least one authentication, authorization and accounting (AAA) service at a 

point of presence (PoP) of the data communications network; and 
configuring a database associated with the AAA service from the central database. 



Original Application Claim 21 : 

A method of managing network access to a data communications network, said method 

comprising: 
maintaining a central database; 
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maintaining a plurality of authentication, authorization and accounting (AAA) services at a 

point of presence (PoP) of the data communications network; and 
configuring databases associated with the AAA services from the central database. 

In the 102(a) rejection the Examiner alleged that the limitations of original application 
claims 5 and 21 were met because FIG. 5 shows "configuring" a single AAA's database from a 
GRS at the PoP and if the CORPA and CORPB domains are taken into account, a network with a 
plurality of AAA services (not shown being configured by the GRS) is shown. 

In the 102(e) rejection the Examiner alleged that Zhang et al. FIG. 4 teaches a PoP with 
multiple AAA services each with its own database and a central AAA database. 

According to the MPEP at Sec. 1412.02 "A reissue will not be granted to 'recapture' 
claimed subject matter which was surrendered in an application to obtain the original patent, 
{citations omitted}" 

There is a two step test. The first step is to determine whether and in what aspect the 
reissue claims are broader than the patent claims. The second step is to determine whether the 
broader aspects of the reissue claims relate to surrendered subject matter. One normally looks to 
the prosecution history for arguments and changes made in response to a prior art rejection. 
Where a claim is broadened, the examiner must next determine whether the broader aspects of 
that reissue claim relate to subject matter that applicant previously surrendered during the 
prosecution. 
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According to the MPEP: "If the limitation now being omitted or broadened in the present 
reissue was originally presented/argued/stated in the original application to make the claims 
allowable over a rejection or objection made in the original application, the omitted limitation 
relates to subject matter previously surrendered by applicant, and impermissable recapture 
exists." 

In the present reissue application, it is apparent that no substantive amendments were 
made to the claims during prosecution. Original application claims 5 and 21 were cancelled, but 
all other claims were deemed allowable in the first office action. It is also apparent that no 
substantive argument with respect to the prior art was made during prosecution. Certain claims 
were indicated to be allowable. The non-allowable claims were cancelled and the allowable 
claims (some incorporating the cancelled subject matter) proceeded to issue. Accordingly, this 
portion of the MPEP is not invoked by the present reissue application. 

According to the MPEP: "The recapture rule bars the patentee from acquiring through 
reissue claims that are, in all aspects, of the same scope as, or broader in scope than, those claims 
cancelled from the original application to obtain a patent, {citation omitted} ." 

The following Table explains how the original patent claims sourced from the original 
application claims: 
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ORIGINAL PATENT CLAIM ORIGINAL APP. CLAIM 
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Thus only original patent claims 1-10 have any relationship whatsoever to the cancelled 

claims. 



Discussion of the New Reissue Claims 

The new reissue claims include reissue claims 31-73. Of these claims, 31, 38, 43, 47, 
51, 55, 59, 61 and 63 - 73 are independent claims. The independent claims will now be 



42 of 48 



Docket No.: CISCO-8363 
(REISSUE OF CISCO-0737) 
032590-000223 

addressed in detail. All of the new dependent claims depend from new independent claims and 
are therefore narrower by definition. Accordingly they will not be addressed in detail, however, 
they are allowable for at least the reasons that their parent independent claims are allowable. 

Reissue Claim 31 is narrower in at least one respect from that of cancelled original 
application claim 5. It requires at least two PoPs with AAAs, the AAAs configured from a 
central database. This is clearly narrower than cancelled original application claim 5 and 
narrower than the cited art. 

According to the MPEP: "Reissue claims that are broader in some aspects and narrower 
in others vis-a-vis claims cancelled from the original application to obtain a patent may avoid the 
effect of the recapture rule if the claims are broader in a way that does not attempt to reclaim 
what was surrendered earlier, {citations omitted}. If the reissue claim is as broad as or broader 
in an aspect germane to a prior art rejection, but narrower in another aspect completely unrelated 
to the rejection, the recapture rule bars the claim; if the reissue claim is narrower in an aspect 
germane to a prior art rejection, and broader in an aspect unrelated to the rejection, the recapture 
rule does not bar the claim. ... {citation omitted}. " 

Reissue Claim 3 1 is narrower than cancelled original application claim 5. It is narrower 
at least insofar as it contains limitations directed to multiple PoPs with remote AAAs configured 
from a central database. It is broader than original application claim 6 (which became original 
patent claim 1) insofar as it does not specify the precise mechanism by which information is 
transmitted to configure the AAAs. Original application claim 1 was a broad claim which the 
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Examiner determined included in its scope the subject matter of Zhang et al. and the Admitted 
Prior Art (APA), i.e., AAAs configured at a PoP from a central database. Reissue claim 31 is 
limited to a multi-PoP implementation not disclosed or taught by the APA or by Zhang et al. and 
is thus narrower in scope than original application claim 5. Accordingly, the surrendered subject 
matter, single Pop implementation, is not recaptured by the proposed reissue claim 31 and this 
claim is thus in condition for allowance. 

Reissue claims 32-37 ail depend from Reissue claim 31 and are allowable for at least 
the same reasons referred to above. 

Reissue claim 38 is narrower than cancelled original application claim 21 for the same 
reasons stated with respect to claim Reissue claim 3 1 above. Accordingly it is allowable as well. 

Reissue claims 39 - 42 all depend from Reissue claim 38 and are all allowable for at least 
the same reasons referred to above. 

Reissue claim 43 is similar to original patent claim 1 1 except that it does not require a 
particular method of information transport such as the subscriber-publisher system described in 
claim original patent claim 11. It is thus broader than claim issued 11, however, original patent 
claim 1 1 was not subject to rejection or argument, therefore the recapture rule does not apply. 
This claim is in condition for allowance. 
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Reissue claims 44 - 46 depend from reissue claim 43 and are all allowable for at least the 
same reasons referred to above. 

Reissue claim 47 is similar to original patent claim 15 except that it is narrower in that it 
requires the database checked for a remote AAA service to be associated with the one AAA 
service used. This claim was not subject to rejection or narrowing or argument, therefore the 
recapture rule does not apply. This claim is in condition for allowance. 

Reissue claims 48 - 50 depend from reissue claim 47 and are all allowable for at least the 
same reasons referred to above. 

Reissue claim 51 is similar to original patent claim 19 except that it is broader in that it 
does not require a specific form of information transport. This claim was not subject to rejection 
or narrowing or argument, therefore the recapture rule does not apply. This claim is in condition 
for allowance. 

Reissue claims 52 - 54 depend from reissue claim 51 and are all allowable for at least the 
same reasons referred to above. 

Reissue claim 55 is similar to original patent claim 23, though it is narrower in that it 
contains the additional limitation regarding transmitting of updating information to the AAA 
service. This claim was not subject to rejection or narrowing or argument, therefore the recapture 
rule does not apply. This claim is in condition for allowance. 



45 of 48 



Docket No.: CISCO-8363 
(REISSUE OF CISCO-0737) 
032590-000223 

Reissue claims 56 - 58 depend from reissue claim 55 and are all allowable for at least the 
same reasons referred to above. 

Reissue claim 59 is similar to original patent claim 27, though it is broader in that it 
contains a limitation to a transmitter rather than a publisher to accomplish the information 
transport function. This claim was not subject to rejection or narrowing or argument, therefore 
the recapture rule does not apply. This claim is in condition for allowance. 

Reissue claim 60 depends from reissue claim 59 and is allowable for at least the same 
reasons referred to above. 

Reissue claim 61 is similar to original patent claim 29, though it is broader in that it 
contains a limitation to a transmitter rather than a publisher to accomplish the information 
transport function. This claim was not subject to rejection or narrowing or argument, therefore 
the recapture rule does not apply. This claim is in condition for allowance. 

Reissue claim 62 depends from reissue claim 61 and is allowable for at least the same 
reasons referred to above. 

Reissue claims 63 and 64 are both independent and recite subject matter generally similar 
to original patent claims in means plus function format. 
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Reissue claim 65 is independent and claims the accounting aspect of the invention not 
previously claimed in means plus function format. 

Reissue claim 66 is independent and recites subject matter generally similar to original 
patent claims. 

Reissue claim 67 is independent and recited subject matter generally similar to original 
patent claims in means plus function format. 

Reissue claims 68 - 73 are independent claims directed to two-PoP versions of the 
invention. 

For the foregoing reasons, claims 63 - 73 are allowable as well. 

Amendments to the Specification 

A number of minor amendments are made to the specification. They address 
typographical and minor grammatical errors noted in preparing the reissue application. No new 
matter is introduced thereby. 

Amendments to the Original Patent Claims 

A number of the original patent claims have been amended. These amendments are all to 
correct obvious typographical errors noted in the preparation of this reissue application. 
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If, in the opinion of the Examiner, an interview would expedite the prosecution of this 
application, the Examiner is invited to call the undersigned attorney at the number indicated 



The Commissioner is hereby authorized to charge any additional fees or credit any 
overpayment to Deposit Account No. 50-1698. 



Thelen Reid & Priest LLP 
P.O. Box 640640 
San Jose, CA 95164-0640 
Phone: (408)292-5800 
Fax: (408)287-8040 



below. 



Respectfully submitted, 
Thelen Reid & Priest LLP 





John P. Schaub 
Reg. No. 42,125 
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VA 22313-1450, on the date printed below: j 




Name: 

Carol Dlez 



MAIL STOP REISSUE 
COMMISSIONER FOR PATENTS 
P.O. BOX 1450 

ALEXANDRIA, VA 22313-1450 
STATEMENT OF STATUS AND SUPPORT FOR ALL CHANGES TO THE CLAIMS 

UNDER 37 C.F.R. S 1.173(c) 



Claim 1 : Original- Pending - Not Amended 
Claim 2: Original- Pending - Not Amended 
Claim 3: Original- Pending - Not Amended 
Claim 4: Original- Pending - Amended 

Support: Per claim 4, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 
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Claim 5: Original- Pending - Not Amended 
Claim 6: Original- Pending - Not Amended 
Claim 7: Original- Pending - Not Amended 
Claim 8: Original- Pending - Not Amended 
Claim 9: Original- Pending - Amended 

Support: Per claim 9, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 

Claim 10: Original- Pending - Not Amended 

Claim 1 1 : Original- Pending - Not Amended 

Claim 12: Original- Pending - Not Amended 

Claim 13: Original- Pending - Amended 

Support: Per claim 13, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 

Claim 14: Original- Pending - Not Amended 
Claim 15: Original- Pending - Not Amended 
Claim 16: Original- Pending - Not Amended 
Claim 17: Original- Pending - Amended 

Support: Per claim 17, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 

Claim 18: Original- Pending - Not Amended 
Claim 19: Original- Pending - Not Amended 
Claim 20: Original- Pending - Not Amended 
Claim 2 1 : Original- Pending - Amended 

Support: Per claim 21, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 
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Claim 22: Original- Pending - Not Amended 

Claim 23: Original- Pending - Not Amended 

Claim 24: Original- Pending - Not Amended 

Claim 25: Original- Pending - Amended 

Support: Per claim 25, the original patent specification shows 

a method of managing network access requests to a data communications network, said method 
comprising: 

receiving at a protocol gateway in a point of presence (PoP) of the data communications network 

a network access request from a user through a network access server (NAS) (col. 8 lines 

46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 
parsing the network access request for an identification of the user's domain (col. 9 lines 38-39, 

and FIG. 1 1 reference numeral 116); 
routing the network access request to an authentication, authorization and accounting (AAA) 

service associated with the PoP if the user's domain corresponds to that of the PoP (col. 9 

lines 39-41, and FIG. 1 1 reference numeral 118); 
looking up a domain identification entry corresponding to the user's domain in a database if the 

user's domain does not correspond to that of the PoP (col. 9 lines 46-49, and FIG. 1 1 

reference numeral 122); 
proxying the network access request to an AAA service in the user's domain at an address and 

port as specified in the domain identification entry of the database if the user's domain does 

not correspond to that of the PoP (col. 9 lines 50-52, and FIG. 11 reference numeral 124); 

and 

assigning an IP address to the user from a local DHCP pool of IP addresses if the user's domain 
does not correspond to that of the PoP (col. 9 lines 4-15). 

Claim 26: Original- Pending - Not Amended 

Claim 27: Original- Pending - Not Amended 

Claim 28: Original- Pending - Amended 

Support: Per claim 28, the original patent specification shows said proxy database populated at 
instantiation of said proxy service by receiving information published by said publisher from 
said central database (col. 9 lines 16-31, FIG. 10 reference numeral 108). 

Claim 29: Original- Pending - Not Amended 

Claim 30: Original- Pending - Amended 

Support: Per claim 30, the original patent specification shows said proxy databases populated at 
instantiation of said respective proxy services by receiving information published by said 
publisher from said central database (col. 9 lines 16-31, FIG. 10 reference numeral 108). 
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Claim 31: New- Pending 

Support: Per claim 31, the original patent specification shows 

a method for managing network access to a data communications network, said method 
comprising: 

maintaining a central database coupled to the data communications network (col. 8 lines 37-45); 

maintaining at least a first authentication, authorization and accounting (AAA) service at a first 
point of presence (PoP) of the data communications network and a second AAA service at a 
second PoP of the data communications network (col 6 lines 61-65, and FIG. 7 reference 
numerals 32 and 30c); 

configuring a database associated with the first AAA service from the central database by 

transporting information from the central database over the data communications network to 
the database associated with the first AAA service (col. 9 lines 16-31); and 

configuring a database associated with the second AAA service from the central database by 
transporting information from the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31). 

Claim 32: New- Pending 

Support: Per claim 32, the original patent specification shows periodically updating the database 
associated with the first AAA service from the central database by transporting information from 
the central database over the data communications network to the database associated with the 
first AAA service (col. 8 lines 36-45, FIG. 7 reference numerals 18, 22, 28c, and 30c). 

Claim 33: New- Pending 

Support: Per claim 33, the original patent specification shows periodically updating the database 
associated with the second AAA service from the central database by transporting information 
from the central database over the data communications network to the database associated with 
the second AAA service (col. 8 lines 36-45, FIG. 7 reference numerals 18, 22, 28c, and 30c). 

Claim 34: New- Pending 

Support: Per claim 34, the original patent specification shows 

receiving at a protocol gateway in the first PoP a network access request from a user through a 
network access server (NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 11 reference 
numeral 114); 

parsing the network access request for an identification of the user's domain (col. 9 lines 38-39, 

and FIG. 11 reference numeral 116); 
routing the network access request to the first AAA service at the first PoP if the user's domain 

corresponds to that of the first PoP (col. 9 lines 39-41, and FIG. 1 1 reference numeral 118); 
looking up a domain identification entry corresponding to the user's domain in the first AAA 

service's database if the user's domain does not correspond to that of the first PoP (col. 9 

lines 46-49, and FIG. 1 1 reference numeral 122); 
proxying the network access request to an AAA service in the user's domain at an address and 

port as specified in the domain identification entry of the database if the user's domain does 

not correspond to that of the first PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 

124). 
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Claim 35: New- Pending 

Support: Per claim 35, the original patent specification shows obtaining an IP address for the 
user from the AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 36: New- Pending 

Support: Per claim 36, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 37: New- Pending 

Support: Per claim 37, the original patent specification shows assigning an IP address to the user 
from an IP address pool identified in an access-accept packet received from the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 38: New- Pending 

Support: Per claim 38, the original patent specification shows 

a method for managing network access to a data communications network, said method 
comprising: 

maintaining a central database coupled to the data communications network (col. 8 lines 37-45); 

maintaining a plurality of first authentication, authorization and accounting (AAA) services at a 
first point of presence (PoP) of the data communications network and a second AAA service 
at a second PoP of the data communications network (col. 6 lines 61-65, and FIG. 7 
reference numerals 32 and 30c); 

configuring one or more databases associated with the first AAA services from the central 
database by transporting information from the central database over the data 
communications network to the database(s) associated with the first AAA services (col. 9 
lines 16-31); and 

configuring a database associated with the second AAA service from the central database by 
transporting information from the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31). 

Claim 39: New- Pending 

Support: Per claim 39, the original patent specification shows 

receiving at a protocol gateway in the first PoP a network access request from a user through a 
network access server (NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference 
numeral 114); 

parsing the network access request for an identification of the user's domain (col. 9 lines 38-39, 
and FIG. 1 1 reference numeral 116); 

routing the network access request to one of said plurality of first AAA services at the first PoP if 
the user's domain corresponds to that of the first PoP while load balancing among said 
plurality of first AAA services (col. 9 lines 39-41, and FIG. 1 1 reference numeral 118); 
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looking up a domain identification entry corresponding to the user's domain in one of said 
plurality of first AAA service's database(s) if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 46-49, and FIG. 1 1 reference numeral 122); 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the domain identification entry of the database if the user's domain does 
not correspond to that of the first PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 
124). 

Claim 40: New- Pending 

Support: Per claim 40, the original patent specification shows obtaining an IP address for the 
user from the AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 41: New- Pending 

Support: Per claim 41, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 42: New- Pending 

Support: Per claim 42, the original patent specification shows assigning an IP address to the user 
from an IP address pool identified in an access-accept packet received from the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 43: New- Pending 

Support: Per claim 43, the original patent specification shows 

a method for managing network access to a data communications network, said method 
comprising: 

maintaining a central database coupled to the data communications network, said central 
database containing access information for authentication, authorization and accounting 
(AAA) services associated with domains of the data communications network (col. 8 lines 
37-45); 

maintaining at a first point of presence (PoP) of the data communications network at least one 
first AAA service (col. 6 lines 61-65, and FIG. 7 reference numerals 32 and 30c) and at least 
one first proxy service (FIG. 7 reference numeral 28b) and at least one first protocol 
gateway (FIG. 7 reference numeral 30a) in communication with a network access server 
(NAS) (FIG. 7); 

periodically transporting information contained in the central database from the central database, 
over the data communications network, to the first AAA service(s) (col. 8 lines 36-45, FIG. 
7 reference numerals 18, 22, 28c, and 30c), the first proxy service(s) (FIG. 7 reference 
numeral 30b) and the first protocol gateway(s) (FIG. 7 reference numeral 30a); 

receiving at a protocol gateway in the first PoP a network access request from a user through a 
network access server (NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 11 reference 
numeral 114); 
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parsing the network access request at the first protocol gateway for an identification of the user's 

domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 116); 
routing the network access request to an AAA service at the first PoP if the user's domain 

corresponds to that of the first PoP (col. 9 lines 39-41, and FIG. 1 1 reference numeral 118); 
looking up access information within a domain identification entry corresponding to the user's 

domain in a database associated with the first proxy server if the user's domain does not 

correspond to that of the first PoP (col. 9 lines 46-49, and FIG. 1 1 reference numeral 122); 

and 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the access information if the user's domain does not correspond to that of 
the first PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 124). 

Claim 44: New- Pending 

Support: Per claim 44, the original patent specification shows obtaining an IP address for the 
user from an AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 45: New- Pending 

Support: Per claim 45, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 46: New- Pending 

Support: Per claim 46, the original patent specification shows assigning an IP address to the user 
from an IP address pool identified in an access-accept packet received from the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 47: New- Pending 

Support: Per claim 47, the original patent specification shows 

a method for managing network access requests to a data communications network, said method 
comprising: 

receiving at a protocol gateway in a first point of presence (PoP) of the data communications 
network a network access request from a user received through a network access server 
(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 

parsing the network access request for an identification of the user's domain (col. 9 lines 38-39, 
and FIG. 11 reference numeral 116); 

routing the network access request to one of the plurality of authentication, authorization and 
accounting (AAA) services associated with the first PoP if the user's domain corresponds to 
that of the first PoP while load balancing among the plurality of AAA services (col. 9 lines 
39-41, and FIG. 1 1 reference numeral 118); 

looking up a domain identification entry corresponding to the user's domain in a database 

associated with the one AAA if the user's domain does not correspond to that of the first PoP 
(col. 9 lines 46-49, and FIG. 1 1 reference numeral 122); 
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proxying the network access request via one of a plurality of proxy services to an AAA service 
in the user's domain at an address and port as specified in the domain identification entry of 
the database if the user's domain does not correspond to that of the first PoP while load 
balancing among the plurality of proxy services (col. 9 lines 50-52, and FIG. 1 1 reference 
numeral 124). 

Claim 48: New- Pending 

Support: Per claim 48, the original patent specification shows obtaining an IP address for the 
user from the AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 49: New- Pending 

Support: Per claim 49, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of TP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 50: New- Pending 

Support: Per claim 50, the original patent specification shows assigning an IP address to the user 
from an IP address pool identified in an access-accept packet received from the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 51: New- Pending 

Support: Per claim 51, the original patent specification shows 

a method for managing network access to a data communications network, said method 
comprising: 

maintaining a central database, said central database containing access information for 

authentication, authorization and accounting services associated with domains of the data 
communications network (col. 8 lines 37-45); 

maintaining at a first point of presence (PoP) of the data communications network a plurality of 
AAA services at least one AAA service (col: 6 lines 61-65, and FIG. 7 reference numerals 
32 and 30c) and at least one proxy service (FIG. 7 reference numeral 28b) and at least one 
protocol gateway (FIG. 7 reference numeral 30a) in communication with a network access 
server (NAS) (FIG. 7); 

periodically transmitting information contained in said central database over the data 

communications network to said AAA (col. 8 lines 36-45, FIG. 7 reference numerals 18, 22, 
28c, and 30c) and said proxy service (FIG. 7 reference numeral 28b); 

receiving at a protocol gateway in the PoP a network access request from a user through a 
network access server (NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference 
numeral 114); 

parsing the network access request at the protocol gateway for an identification of the user's 
domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 1 16); 

routing the network access request to one of said plurality of AAA services at the first PoP if the 
user's domain corresponds to that of the first PoP while load balancing among said plurality 
of AAA services (col. 9 lines 39-41, and FIG. 11 reference numeral 118); 
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looking up access information within a domain identification entry corresponding to the user's 
domain in a database associated with one of said plurality of proxy services if the user's 
domain does not correspond to that of the first PoP while load balancing among said 
plurality of proxy services (col 9 lines 46-49, and FIG. 1 1 reference numeral 122); and 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the access information if the user's domain does not correspond to that of 
the first PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 124). 

Claim 52: New- Pending 

Support: Per claim 52, the original patent specification shows obtaining an IP address for the 
user from an AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 53: New- Pending 

Support: Per claim 53, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 54: New- Pending 

Support: Per claim 54, the original patent specification shows assigning an IP address to the user 
from an IP address pool identified in an access-accept packet received from the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 55: New- Pending 

Support: Per claim 55, the original patent specification shows 

a method for managing network access requests to a data communications network, said method 
comprising: 

periodically transmitting updating information contained in a central database over the data 
communications network to an authentication, authorization and accounting (AAA) service 
associated with a first point of presence (PoP) of the data communications network (col. 8 
lines 36-45, FIG. 7 reference numerals 18, 22, 28c, and 30c); 

receiving at a protocol gateway in the first point of presence (PoP) of the data communications 
network a network access request from a user received through a network access server 
(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 

parsing the network access request for an identification of the user's domain (col. 9 lines 38-39, 
and FIG. 1 1 reference numeral 116); 

routing the network access request to the AAA service associated with the first PoP if the user's 
domain corresponds to that of the first PoP (col. 9 lines 39-41, and FIG. 1 1 reference 
numeral 118); 

looking up a domain identification entry corresponding to the user's domain in a database if the 
user's domain does not correspond to that of the first PoP (col. 9 lines 46-49, and FIG. 1 1 
reference numeral 122); 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the domain identification entry of the database if the user's domain does 
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not correspond to that of the first PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 
124). 

Claim 56: New- Pending 

Support: Per claim 56, the original patent specification shows obtaining an IP address for the 
user from the AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 57: New- Pending 

Support: Per claim 57, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 58: New- Pending 

Support: Per claim 58, the original patent specification shows assigning an IP address to the user 
from an IP address pool identified in an access-accept packet received from the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 59: New- Pending 

Support: Per claim 59, the original patent specification shows 

a system for data communications network access management, comprising: 

a central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated with domains of the data 

communications network (col. 8 lines 37-45); 
a first point of presence (PoP) on the data communications network, said first PoP including a 

protocol gateway in communication with at least one network access server (NAS) (col. 6 

line 61 to col 7 line 42, FIG. 7 reference numerals 32 and 30a); 
an AAA service associated with said first PoP and in communication with said protocol gateway 

and the data communications network (col. 6 lines 61-65, and FIG. 7 reference numerals 32 

and 30c); 

a proxy service associated with the first PoP and in communication with said protocol gateway 
and the data communications network (col. 6 line 61 to col 7 line 42, FIG. 7 reference 
numerals 30a, 30b, and 32), 

a transmitter, said transmitter transmitting information from said central database to said AAA 
service at said first PoP and said proxy service at said first PoP over the data 
communications network (col. 6 lines 35-60, FIG. 7 reference numerals 18, 22, 24, 28b, 30c, 
and 32); 

said protocol gateway receiving network access requests from users over the NAS, parsing the 
requests for domain identification and routing the requests for domains other than those 
associated with the first PoP to the proxy service (col. 9 lines 38-39, and FIG. 1 1 reference 
numeral 116), 

said proxy service routing network access requests to AAA services in remote domains in 
accordance with said access information (col. 4 lines 49-52, col. 9 lines 42-46). 
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Claim 60: New- Pending 

Support: Per claim 60, the original patent specification shows 

an AAA database associated with said AAA service at said first PoP (col. 6 lines 61-65, and FIG. 

7 reference numerals 32 and 30c); 
a proxy database associated with said proxy service at said first PoP (FIG. 7 reference numeral 

30b), 

said AAA database populated at instantiation of said AAA service by receiving information 

transmitted by said transmitter from said central database (col. 9 lines 16-31, FIG. 9 

reference numeral 102), 
said proxy database populated at instantiation of said proxy service by receiving information 

transmitted by said transmitter from said database (col. 9 lines 16-31, FIG. 10 reference 

numeral 108). 

Claim 61: New- Pending 

Support: Per claim 61, the original patent specification shows 

a system for data communications network access management, comprising: 

a central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated with domains of the data 

communications network (col. 8 lines 37-45); 
a first point of presence (PoP) on the data communications network, said first PoP including a 

protocol gateway in communication with at least one network access server (NAS) (col. 6 

line 61 to col 7 line 42, FIG. 7 reference numerals 32 and 30a); 
a plurality of AAA services associated with said first PoP and in communication with said 

protocol gateway (col. 6 lines 61-65, and FIG. 7 reference numerals 32 and 30c), said AAA 

services subscribing to information published by said publisher (col. 7 lines 45-53); 
a plurality of proxy services associated with said first PoP and in communication with said 

protocol gateway, said proxy services subscribing to information published by said publisher 

(col. 7 lines 45-53); and 
a transmitter, said transmitter transmitting information from said central database over the data 

communications network to said plurality of AAA services associated with said first PoP 

and to said plurality of proxy services associated with said first PoP (col. 6 lines 35-60, FIG. 

7 reference numerals 22, 24, 28b, 30c, and 32), 
said protocol gateway receiving network access requests from users over the NAS, parsing the 

requests for domain identification (col. 9 lines 38-39, and FIG. 1 1 reference numeral 116) 

and routing the requests for domains other than those associated with the first PoP to one of 

said plurality of proxy services while load balancing among them, 
said proxy service routing network access requests to AAA services in remote domains in 

accordance with said access information (col. 4 lines 49-52, col. 9 lines 42-46). 

Claim 62: New- Pending 

Support: Per claim 62, the original patent specification shows 

a plurality of AAA databases associated with said respective AAA services at said first PoP (col. 

6 lines 61-65, and FIG. 7 reference numerals 32 and 30c); and 
a plurality of proxy databases associated with said respective proxy services at said first PoP, 
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said AAA databases populated at instantiation of said respective AAA services by receiving 

information transmitted by said transmitter from said central database (col. 9 lines 16-31, 

FIG. 9 reference numeral 102), 
said proxy databases populated at instantiation of said respective proxy services by receiving 

information transmitted by said transmitter from said central database (col. 9 lines 16-31, 

FIG. 10 reference numeral 108). 

Claim 63: New- Pending 

Support: Per claim 63, the original patent specification shows 

a system for managing access to a data communications network, said system comprising: 
means for communicating with a central database via the data communications network, the 

central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated with domains of the data 

communications network (col. 8 lines 37-45, FIG. 7 reference numeral 22); 
means for communicating with a local AAA service associated with a local Point of Presence 

(PoP) (col. 6 lines 61-65, and FIG. 7 reference numerals 32, 30c, and 22); 
means for communicating with a remote AAA service via a local proxy service (col. 9 lines 42- 

53, FIG. 7 reference numerals 22 and 30b); 
means for instantiating the local AAA service from the central database (col. 9 lines 16-31, FIG. 

9 reference numeral 102); 
means for receiving a network access request from a user through a local network access server 

(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 
means for checking the network access request to determine an identification of the user's 

domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 116); 
means for routing the network access request to the local AAA service if the user's domain 

corresponds to that of the local PoP (col. 9 lines 39-41, FIG. 1 1 reference numeral 118, FIG. 

7 reference numeral 22); 
means for looking up a domain identification entry corresponding to the user's domain in the 

local AAA service's database if the user's domain does not correspond to that of the local 

PoP (col. 9 lines 46-49, FIG. 1 1 reference numeral 122, FIG. 7 reference numeral 34); and 
means for proxying the network access request to a remote AAA service in the user's domain at 

an address and port as specified in the domain identification entry of the database if the 

user's domain does not correspond to that of the local PoP (col. 9 lines 50-52, FIG. 1 1 

reference numeral 124, and FIG. 7 reference numeral 30b). 

Claim 64: New- Pending 

Support: Per claim 64, the original patent specification shows 

a system for managing access to a data communications network, said system comprising: 
means for communicating with a central database via the data communications network, the 
central database containing information identifying access information for authentication, 
authorization and accounting (AAA) services associated with domains of the data 
communications network (col. 8 lines 37-45, FIG. 7 reference numeral 22); 
means for communicating with a plurality of local AAA services associated with a local Point of 
Presence (PoP) (col. 6 lines 61-65, and FIG. 7 reference numerals 32, 30c, and 22); 
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means for communicating with a plurality of local proxy services associated with the local PoP 

(FIG. 7 reference numerals 22 and 28b); 
means for communicating with a remote AAA service via a local proxy service (col. 9 lines 42- 

53, FIG. 7 reference numerals 22 and 30b); 
means for instantiating the local AAA services from the central database (col. 9 lines 16-31, FIG. 

9 reference numeral 102); 
means for instantiating the local proxy services from the central database (col. 9 lines 16-31, 

FIG. 10 reference numeral 108); 
means for receiving a network access request from a user through a local network access server 

(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 
means for checking the network access request to determine an identification of the user's 

domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 116); 
means for routing the network access request to the local AAA service if the user's domain 

corresponds to that of the local PoP (col. 9 lines 39-41, FIG. 11 reference numeral 118, FIG. 

7 reference numeral 22); 
means for looking up a domain identification entry corresponding to the user's domain with the 

local AAA services if the user's domain does not correspond to that of the local PoP (col. 9 

lines 46-49, FIG. 1 1 reference numeral 122, FIG. 7 reference numeral 34); 
means for proxying the network access request to a remote AAA service in the user's domain at 

an address and port as specified in the domain identification entry of the local AAA services' 

database if the user's domain does not correspond to that of the local PoP (col. 9 lines 50-52, 

FIG. 1 1 reference numeral 124, and FIG. 7 reference numeral 30b); and 
means for receiving network access requests from users over a network access server (NAS), 

parsing the requests for domain identification (col. 9 lines 38-39, and FIG. 1 1 reference 

numeral 116) and routing the requests for domains other than those associated with the first 

PoP to one of said plurality of proxy services while load balancing among them, 
said proxy service routing network access requests to the remote AAA service in accordance 

with said access information (col. 4 lines 49-52, col. 9 lines 42-46). 

Claim 65: New- Pending 

Support: Per claim 65, the original patent specification shows 

a method for accounting for use of a data communications network, said method comprising: 

means for communicating with a central database via the data communications network, the 
central database containing information identifying access information for authentication, 
authorization and accounting (AAA) services associated with domains of the data 
communications network (col. 8 lines 37-45, FIG. 7 reference numeral 22); 

means for communicating with at least one local AAA service associated with a local Point of 
Presence (PoP) (col. 6 lines 61-65, and FIG. 7 reference numerals 32, 30c, and 22); 

means for communicating with a remote AAA service (col. 9 lines 42-53, FIG. 7 reference 
numerals 22 and 30b); 

means for instantiating the local AAA services from the central database (col. 9 lines 16-31, FIG. 

9 reference numeral 102); 
means for receiving a network access request from a user through a local network access server 

(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 
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means for checking the network access request to determine an identification of the user's 

domain (col 9 lines 38-39, and FIG. 1 1 reference numeral 116); 
means for routing accounting information associated with the user to the local AAA service if 

the user's domain corresponds to that of the local PoP (col. 10 lines 18-20, FIG. 13 reference 

numeral 136); 

means for looking up a domain identification entry corresponding to the user's domain with the 
local AAA services if the user's domain does not correspond to that of the local PoP (col. 10 
lines 20-23, FIG. 13 reference numeral 138); 

means for routing the accounting information to a remote AAA service in the user's domain at an 
address and port as specified in the domain identification entry of the local AAA services' 
database if the user's domain does not correspond to that of the local PoP (col. 10 lines 20- 
23, FIG. 13 reference numeral 138). 

Claim 66: New- Pending 

Support: Per claim 66, the original patent specification shows 

a method for managing network access accounting in a data communications network, said 
method comprising: 

maintaining a central database coupled to the data communications network (col. 8 lines 37-45); 
maintaining at least a local authentication, authorization and accounting (AAA) service at a local 

point of presence (PoP) of the data communications network (col. 6 lines 61-65, and FIG. 7 

reference numerals 32 and 30c); 
configuring a database associated with the local AAA service from the central database by 

transporting information from the central database over the data communications network to 

the database associated with the local AAA service (col. 9 lines 16-31); 
receiving accounting information from a network access server (NAS) responsive to utilization 

of the data communications network by a user coupled to the data communications network 

through the NAS (col. 10 lines 14, FIG. 13 reference numeral 132); 
forwarding said accounting information to the local AAA service if the user's domain 

corresponds to that of the local PoP (col. 10 lines 18-20, FIG. 13 reference numeral 136); 

and 

forwarding said accounting information to a remote AAA service in the user's domain at an 
address and port as specified in the domain identification entry of the local AAA service's 
database if the user's domain does not correspond to that of the local PoP (col. 10 lines 20- 
23, FIG. 13 reference numeral 138). 

Claim 67: New- Pending 

Support: Per claim 67, the original patent specification shows 

an apparatus for managing network access accounting in a data communications network, said 
apparatus comprising: 

means for maintaining a central database coupled to the data communications network (col. 8 
lines 37-45); 

means for maintaining at least a local authentication, authorization and accounting (AAA) 
service at a local point of presence (PoP) of the data communications network (col. 6 lines 
61-65, and FIG. 7 reference numerals 32 and 30c); 
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means for configuring a database associated with the local AAA service from the central 
database by transporting information from the central database over the data 
communications network to the database associated with the local AAA service (col. 9 lines 
16-31, FIG. 7 reference numeral 1 6); 

means for receiving accounting information from a network access server (NAS) responsive to 
utilization of the data communications network by a user coupled to the data 
communications network through the NAS (col. 10 lines 14, FIG. 13 reference numeral 
132); 

means for forwarding said accounting information to the local AAA service if the user's domain 
corresponds to that of the local PoP (col. 10 lines 18-20, FIG. 13 reference numeral 136); 
and 

means for forwarding said accounting information to a remote AAA service in the user's domain 
at an address and port as specified in the domain identification entry of the local AAA 
service's database if the user's domain does not correspond to that of the local PoP (col. 10 
lines 20-23, FIG. 13 reference numeral 138). 

Claim 68: New- Pending 

Support: Per claim 68, the original patent specification shows 

a system for managing network access to a data communications network, said method 
comprising: 

a central database coupled to the data communications network (col. 8 lines 37-45); 

at least a first authentication, authorization and accounting (AAA) service at a first point of 
presence (PoP) of the data communications network and a second AAA service at a second 
PoP of the data communications network (col. 6 lines 61-65, and FIG. 7 reference numerals 
32 and 30c); and 

a database configurer configuring a database associated with the first AAA service from the 
central database by transporting information from the central database over the data 
communications network to the database associated with the first AAA service and 
configuring a database associated with the second AAA service from the central database by 
transporting information from the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31, FIG. 7 reference 
numeral 16). 

Claim 69: New- Pending 

Support: Per claim 69, the original patent specification shows 

an apparatus for managing network access to a data communications network, said method 
comprising: 

means for maintaining a central database coupled to the data communications network (col. 8 
lines 37-45); 

means for maintaining at least a first authentication, authorization and accounting (AAA) service 
at a first point of presence (PoP) of the data communications network and a second AAA 
service at a second PoP of the data communications network (col. 6 lines 61-65, and FIG. 7 
reference numerals 32 and 30c); 

means for configuring a database associated with the first AAA service from the central database 
by transporting information from the central database over the data communications network 
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to the database associated with the first AAA service (col. 9 lines 16-31, FIG. 7 reference 
numeral 16); and 

means for configuring a database associated with the second AAA service from the central 
database by transporting information from the central database over the data 
communications network to the database associated with the second AAA service (col. 9 
lines 16-31, FIG. 7 reference numeral 16). 

Claim 70: New- Pending 

Support: Per claim 70, the original patent specification shows 

a system for managing network access to a data communications network, said method 
comprising: 

a central database coupled to the data communications network (col. 8 lines 37-45); 

a plurality of first authentication, authorization and accounting (AAA) services disposed at a 
first point of presence (PoP) of the data communications network and a second AAA service 
disposed at a second PoP of the data communications network (col. 6 lines 61-65, and FIG. 
7 reference numerals 32 and 30c); 

a first database configurer configuring one or more databases associated with the first AAA 
services from the central database by transporting information from the central database 
over the data communications network to the database(s) associated with the first AAA 
services (col. 9 lines 16-31, FIG. 7 reference numeral 16); and 

a second database configurer configuring a database associated with the second AAA service 
from the central database by transporting information from the central database over the data 
communications network to the database associated with the second AAA service (col. 9 
lines 16-31, FIG. 7 reference numeral 16). 

Claim 71: New- Pending 

Support: Per claim 71, the original patent specification shows 

an apparatus for managing network access to a data communications network, said method 
comprising: 

means for maintaining a central database coupled to the data communications network (col. 8 
lines 37-45); 

means for maintaining a plurality of first authentication, authorization and accounting (AAA) 
service at a first point of presence (PoP) of the data communications network and a second 
AAA service at a second PoP of the data communications network (col. 6 lines 61-65, and 
FIG. 7 reference numerals 32 and 30c); and 

means for configuring one or more databases associated with the first AAA services from the 
central database by transporting information from the central database over the data 
communications network to the database(s) associated with the first AAA services (col. 9 
lines 16-31, FIG. 7 reference numeral 16); and 

means for configuring a database associated with the second AAA service from the central 
database by transporting information from the central database over the data 
communications network to the database associated with the second AAA service (col. 9 
lines 16-31, FIG. 7 reference numeral 16). 
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Claim 72: New- Pending 

Support: Per claim 72, the original patent specification shows 

a system for managing network access to a data communications network, said method 
comprising: 

a central database coupled to the data communications network (col. 8 lines 37-45); 

a plurality of first authentication, authorization and accounting (AAA) services disposed at a 
first point of presence (PoP) of the data communications network and a second AAA service 
disposed at a second PoP of the data communications network (col. 6 lines 61-65, and FIG. 
7 reference numerals 32 and 30c); and 

a database configurer configuring one or more databases associated with the first AAA services 
from the central database by transporting information from the central database over the data 
communications network to the database(s) associated with the first AAA services and 
configuring a database associated with the second AAA service from the central database by 
transporting information from the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31, FIG. 7 reference 
numeral 16). 

Claim 73: New- Pending 

Support: Per claim 73, the original patent specification shows 

an apparatus for managing network access to a data communications network, said method 
comprising: 

means for maintaining a central database coupled to the data communications network (col. 8 
lines 37-45); 

means for maintaining a plurality of first authentication, authorization and accounting (AAA) 
service at a first point of presence (PoP) of the data communications network and a second 
AAA service at a second PoP of the data communications network (col 6 lines 61-65, and 
FIG. 7 reference numerals 32 and 30c); and 

means for configuring one or more databases associated with the first AAA services from the 
central database by transporting information from the central database over the data 
communications network to the database(s) associated with the first AAA services and for 
configuring a database associated with the second AAA service from the central database by 
transporting information from the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31, FIG. 7 reference 
numeral 16). 
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The Commissioner is hereby authorized to charge any additional fees or credit any 
overpayment to Deposit Account No. 50-1698. 



Dated: October £ 2004 



Thelen Reid & Priest LLP 
P.O. Box 640640 
San Jose, CA 95164-0640 
Phone: (408)292-5800 
Fax: (408)287-8040 



Respectfully submitted, 
Thelen Reid & Priest LLP 
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